COG-GTM · devin-ai-integration · Jan 8, 2026
diff --git a/pom.xml b/pom.xml
@@ -67,6 +67,11 @@
 			<artifactId>spring-security-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>com.h2database</groupId>
+			<artifactId>h2</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>

diff --git a/src/test/java/com/example/bankapp/config/SecurityConfigTest.java b/src/test/java/com/example/bankapp/config/SecurityConfigTest.java
@@ -0,0 +1,175 @@
+package com.example.bankapp.config;
+
+import com.example.bankapp.model.Account;
+import com.example.bankapp.service.AccountService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+
+import java.math.BigDecimal;
+import java.util.ArrayList;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+class SecurityConfigTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
+    @MockBean
+    private AccountService accountService;
+
+    private Account testAccount;
+
+    @BeforeEach
+    void setUp() {
+        testAccount = new Account();
+        testAccount.setId(1L);
+        testAccount.setUsername("testuser");
+        testAccount.setPassword("encodedPassword");
+        testAccount.setBalance(new BigDecimal("1000.00"));
+        testAccount.setTransactions(new ArrayList<>());
+    }
+
+    @Test
+    void passwordEncoder_ReturnsBCryptPasswordEncoder() {
+        assertNotNull(passwordEncoder);
+        assertTrue(passwordEncoder instanceof BCryptPasswordEncoder);
+    }
+
+    @Test
+    void passwordEncoder_EncodesPassword() {
+        String rawPassword = "testPassword123";
+        String encodedPassword = passwordEncoder.encode(rawPassword);
+
+        assertNotNull(encodedPassword);
+        assertNotEquals(rawPassword, encodedPassword);
+        assertTrue(passwordEncoder.matches(rawPassword, encodedPassword));
+    }
+
+    @Test
+    void passwordEncoder_DifferentEncodingsForSamePassword() {
+        String rawPassword = "testPassword123";
+        String encodedPassword1 = passwordEncoder.encode(rawPassword);
+        String encodedPassword2 = passwordEncoder.encode(rawPassword);
+
+        assertNotEquals(encodedPassword1, encodedPassword2);
+        assertTrue(passwordEncoder.matches(rawPassword, encodedPassword1));
+        assertTrue(passwordEncoder.matches(rawPassword, encodedPassword2));
+    }
+
+    @Test
+    void registerEndpoint_IsPublic() throws Exception {
+        mockMvc.perform(get("/register"))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    void loginEndpoint_IsPublic() throws Exception {
+        mockMvc.perform(get("/login"))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    void dashboardEndpoint_RequiresAuthentication() throws Exception {
+        mockMvc.perform(get("/dashboard"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrlPattern("**/login"));
+    }
+
+    @Test
+    void transactionsEndpoint_RequiresAuthentication() throws Exception {
+        mockMvc.perform(get("/transactions"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrlPattern("**/login"));
+    }
+
+    @Test
+    void depositEndpoint_RequiresAuthentication() throws Exception {
+        mockMvc.perform(post("/deposit")
+                        .with(csrf())
+                        .param("amount", "100.00"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrlPattern("**/login"));
+    }
+
+    @Test
+    void withdrawEndpoint_RequiresAuthentication() throws Exception {
+        mockMvc.perform(post("/withdraw")
+                        .with(csrf())
+                        .param("amount", "100.00"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrlPattern("**/login"));
+    }
+
+    @Test
+    void transferEndpoint_RequiresAuthentication() throws Exception {
+        mockMvc.perform(post("/transfer")
+                        .with(csrf())
+                        .param("toUsername", "recipient")
+                        .param("amount", "100.00"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrlPattern("**/login"));
+    }
+
+    @Test
+    @WithMockUser(username = "testuser")
+    void authenticatedUser_CanAccessDashboard() throws Exception {
+        when(accountService.findAccountByUsername("testuser")).thenReturn(testAccount);
+
+        mockMvc.perform(get("/dashboard"))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    @WithMockUser(username = "testuser")
+    void authenticatedUser_CanAccessTransactions() throws Exception {
+        when(accountService.findAccountByUsername("testuser")).thenReturn(testAccount);
+        when(accountService.getTransactionHistory(testAccount)).thenReturn(new ArrayList<>());
+
+        mockMvc.perform(get("/transactions"))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    void logout_RedirectsToLoginWithLogoutParam() throws Exception {
+        mockMvc.perform(post("/logout")
+                        .with(csrf()))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrl("/login?logout"));
+    }
+
+    @Test
+    void loginPage_HasCorrectUrl() throws Exception {
+        mockMvc.perform(get("/login"))
+                .andExpect(status().isOk())
+                .andExpect(view().name("login"));
+    }
+
+    @Test
+    void registerPost_WithValidData_RedirectsToLogin() throws Exception {
+        mockMvc.perform(post("/register")
+                        .with(csrf())
+                        .param("username", "newuser")
+                        .param("password", "password123"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(redirectedUrl("/login"));
+    }
+}